本文主要是介绍Nginx 403 forbidden,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
1、没有权限问题
Linux系统中如果Nginx没有web目录的操作权限,也会出现403错误。解决办法:修改web目录的读写权限,或者是把Nginx的启动用户改成目录的所属用户,重启Nginx即可解决。(windows 下则用管理员启动nginx即可)。
chmod -R 777 /datachmod -R 777 /data/www/
2、由于Nginx启动用户和Nginx工作用户不一致所致
Linux 查看Nginx的启动用户,发现是nobody,而为是用root启动的(windows一般不存在)
# 查看Nginx的运行进程
ps aux | grep nginx如下图:
将nginx.config的user改为和启动用户一致。
vim ./nginx.config
3、部分连接访问出现403错误
Nginx 配置服务转发,部分接口出现403错误,我只是做服务器请求地址转发所以根本不存在跨域,猜想是NGINX将请求信息改变了导致无法正常访问,F12查看错误的请求接口中不存在 Content-Type:application/x-www-form-urlencoded,由于某些请求没有用form-data jquery默认就没有Content-Type, Nginx代理修改了你的request-header,修改配置如下
# nginx代理配置
location /cbda-module-common-authority {#不更改请求头信息,其他多余参数全部去掉proxy_set_header Host $http_host; #nginx1.20.1版本可用此配置 #proxy_set_header Host $host; #如果是nginx1.18.0使用proxy_pass http://gatewayservers;
}4、完整配置如下
user root; #设置用户
worker_processes 4; # 设置进程数
worker_cpu_affinity auto; #设置进程自动绑定cpu
worker_rlimit_nofile 65535; #设置访问文件的句柄数#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;events {worker_connections 10240;multi_accept on;use epoll;
}http {include mime.types;default_type application/octet-stream;#log_format main '$remote_addr - $remote_user [$time_local] "$request" '# '$status $body_bytes_sent "$http_referer" '# '"$http_user_agent" "$http_x_forwarded_for"';#access_log /soft/service/nginx_1.18.0/nginx-1.18.0-install/logs/access.log main;sendfile on;tcp_nopush on;keepalive_timeout 65;tcp_nodelay on;open_file_cache max=102400 inactive=20s;open_file_cache_valid 30s;open_file_cache_min_uses 1;client_header_timeout 30;client_body_timeout 30;reset_timedout_connection on;send_timeout 30;server_tokens off;client_header_buffer_size 1m;large_client_header_buffers 4 1m;client_body_buffer_size 300m;client_body_temp_path /usr/local/service/nginx-1.20.1/client_body_temp;#add_header 'Access-Control-Allow-Origin' '*';add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';gzip on; #表示开启压缩功能gzip_min_length 2k; #表示允许压缩的页面最小字节数,页面字节数从header头的Content-Length中获取,默认值为0,表示不管页面多大都进行压缩,设置建议设大于1k。如果小于1k可能会越压越大。gzip_buffers 4 5m; #压缩缓存区大小gzip_http_version 1.1; #压缩版本gzip_comp_level 6; #压缩比率,一般选择4-6,为了性能gzip_typs text/css text/xml application/javascript; #指>定压缩的类型 gzip_vary on; #vary header支持;gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml application/x-httpd-php image/jpeg image/gif image/png image/icon image/jpg;gzip_vary on; #varyheader支持,改选项可以让前端的缓存服务器缓存经过GZIP压缩的页面,例如用Squid缓存经过nginx压缩的数据。upstream gatewayservers {server 192.168.66.142:30858;}server {listen 30857;server_name localhost;charset utf-8;#access_log /soft/service/nginx_1.18.0/nginx-1.18.0-install/logs/host.access.log main;location / {root /usr/local/service/issue-management-1.0/cbdacim-vue-ui/dist;index index.html index.htm;try_files $uri $uri/ /index.html;}location /cbda-module-common-authority {proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Host $host;proxy_set_header X-Forwarded-Server $host;proxy_set_header Host $http_host;proxy_set_header accept-encodeing 'gzip, deflate';#proxy_set_header content-type 'application/json';proxy_set_header X-Real-IP $remote_addr;proxy_set_header authorization $http_authorization;proxy_set_header accept '*/*';proxy_set_header x-bce-date $http_x_bce_date;proxy_connect_timeout 300;proxy_send_timeout 300;proxy_read_timeout 300;client_max_body_size 300m;proxy_pass http://gatewayservers;}#静态资源缓存过期设置#location ~* \.(ico|jpeg|gif|png|bmp|swf|flv)$ {#expires 30d; #过期时间为30天#log_not_found off;#access_log off;#}#location ~* \.(js|css)$ {#expires 7d;#log_not_found off;#access_log off;#}#error_page 404 /404.html;# redirect server error pages to the static page /50x.htmlerror_page 500 502 503 504 /50x.html;location = /50x.html {root html;}}# another virtual host using mix of IP-, name-, and port-based configuration##server {# listen 8000;# listen somename:8080;# server_name somename alias another.alias;# location / {# root html;# index index.html index.htm;# }#}# HTTPS server##server {# listen 443 ssl;# server_name localhost;# ssl_certificate cert.pem;# ssl_certificate_key cert.key;# ssl_session_cache shared:SSL:1m;# ssl_session_timeout 5m;# ssl_ciphers HIGH:!aNULL:!MD5;# ssl_prefer_server_ciphers on;# location / {# root html;# index index.html index.htm;# }#}}
这篇关于Nginx 403 forbidden的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
